<?php
require_once('../../inc/config.inc');
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}

$redirectTo=$_GET['redirect-to'];

if (isset($_POST['sbm'])){
	$id=$_POST['id'];
	$newpass=$_POST['npass'];
	$confirm_pass=$_POST['cnpass'];


	if($newpass == $confirm_pass){
		$pass=md5($newpass);
		$sql=mysql_query("UPDATE users SET password='$pass' WHERE id=$id;");
		if($sql){
			header("location:" . $redirectTo . "?changePass=success");


		}
		else {

			echo "Unable to Change Password!" . mysql_error();
		}
	}
	else{
		echo "Passwords doesn't match!";
	}
	mysql_close();



}else {
	header("location: ../wizard.php");
}
?>